Idea
mlevin77 2
Today I got an email from Evernote about the Adobe passwords stolen by hackers, with the advice to change my Evernote password. I went on-line to the website and changed my Evernote password. I also see a lot of posts on the forum about changing one's password if a device is stolen, to keep people from accessing your data.

But I noticed that my various devices (Mac, iPad, iPhone) can still sync with the Evernote server and pull down new data (changes in my notes) even though they still have the old password! This means that if hackers had connected to my account with their devices, my changing the main password on the website won’t stop their access any more than it stopped the access from my client apps from my Mac and my iPhone – if they had access before, they will still have access now because of this “keep me logged in” feature, right? I don't understand how the Evernote server can continue to send data to a client that no longer has the correct password. It seems like a huge security hole.

I was chatting about this with an Evernote support person, and they said they'd talk to the developer and "hang on a minute" and then disconnected me after 5 minutes waiting. I have no idea what happened but I never got an answer to this. Does anyone know? How to truly disable people's access by changing my primary password if that doesn’t seem to affect clients that connected before the password change?
21 replies to this idea
Archived
This topic is now archived and is closed to further replies.
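
The behaviour described in the post above, sketched as an added example that is not part of the original thread and is not Evernote's code. It assumes the clients sync with a stored session token rather than the password; every name in it (AuthServer, the epoch counter, the revoke_sessions flag) is hypothetical.

```python
import hashlib, hmac, secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthServer:  # toy model: devices hold a session token, not the password
    def __init__(self):
        self.users = {}     # user -> {"salt", "pw_hash", "epoch"}
        self.sessions = {}  # token -> (user, epoch when issued)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = {"salt": salt, "pw_hash": _hash(password, salt), "epoch": 0}

    def _check(self, user, password):
        rec = self.users.get(user)
        return rec is not None and hmac.compare_digest(rec["pw_hash"], _hash(password, rec["salt"]))

    def login(self, user, password):
        # The password is checked once; the device stores only the token.
        if not self._check(user, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, self.users[user]["epoch"])
        return token

    def change_password(self, user, old, new, revoke_sessions):
        if not self._check(user, old):
            return False
        salt = secrets.token_bytes(16)
        self.users[user].update(salt=salt, pw_hash=_hash(new, salt))
        if revoke_sessions:
            self.users[user]["epoch"] += 1  # tokens issued earlier become stale
        return True

    def sync(self, token):
        # Accept only tokens issued in the account's current epoch.
        entry = self.sessions.get(token)
        return entry is not None and entry[1] == self.users[entry[0]]["epoch"]

def demo():
    srv = AuthServer()
    srv.register("alice", "old-pw")  # constructed sample account
    mac, phone = srv.login("alice", "old-pw"), srv.login("alice", "old-pw")
    srv.change_password("alice", "old-pw", "new-pw", revoke_sessions=False)
    before = (srv.sync(mac), srv.sync(phone))   # old tokens still accepted
    srv.change_password("alice", "new-pw", "newer-pw", revoke_sessions=True)
    after = (srv.sync(mac), srv.sync(phone))    # old tokens now rejected
    return before, after, srv.sync(srv.login("alice", "newer-pw"))
```

With revocation tied to the password change, each device has to log in again with the new password before it can sync.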